Hackers Attempted DDoS Attack Against Utility: Report

Earlier this year, intruders probed weaknesses in the network firewalls of a U.S. power utility to attempt a distributed denial-of-service attack, but there was no disruption in electricity service as a result of the incident, according to a recently released report.

The incident, which took place in March, caused a brief communication disruption between remote sites and the utility's main control center, according to the "lessons learned" report by the North American Electric Reliability Corp. The non-profit organization develops and enforces standards for U.S. power and utility companies.

The name of the utility that was targeted was not revealed in the report.

The attackers apparently took advantage of several known vulnerabilities within public, internet-facing firewalls that helped connect the control center to different remote sites, according to the report. This occurred over a 10-hour period, with communication between the main control center and remote sites going down for less than five minutes due to the attempted DDoS attack, the report says.

"The affected firewalls were all perimeter devices that served as the outer security layer," according to the report. After the firewalls kept rebooting, the utility's IT team checked the logs and noticed a pattern, the report notes.
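A defender-side sketch of the log review the report describes, added here as an example and not taken from the NERC report or the utility: it parses constructed syslog-style restart lines (the hostnames, timestamps, firmware version and messages are made up) and flags perimeter firewalls that restart repeatedly inside a short window, which is the kind of pattern an IT team would look for once devices keep rebooting.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the report): remote-site firewalls
# restarting through the day, one planned restart and some unrelated noise.
SAMPLE_LOGS = """\
2019-03-05T09:02:11 fw-remote-1 kernel: system restart: watchdog timeout
2019-03-05T09:05:40 fw-remote-1 kernel: boot complete, firmware 4.2.1
2019-03-05T09:31:07 fw-remote-2 kernel: system restart: watchdog timeout
2019-03-05T10:12:55 fw-remote-1 kernel: system restart: watchdog timeout
2019-03-05T11:48:20 fw-remote-1 kernel: system restart: watchdog timeout
2019-03-05T12:00:00 fw-hq-1 sshd: session opened for admin
2019-03-05T13:06:41 fw-remote-2 kernel: system restart: watchdog timeout
2019-03-05T18:55:12 fw-remote-3 kernel: system restart: scheduled maintenance
"""

RESTART_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: system restart: (?P<reason>.+)$"
)
PLANNED_REASONS = {"scheduled maintenance"}  # restarts that are expected


def parse_restarts(log_text):
    """Return {host: [sorted datetimes]} of unplanned restarts in log_text."""
    restarts = defaultdict(list)
    for line in log_text.splitlines():
        m = RESTART_RE.match(line)
        if not m or m.group("reason").strip() in PLANNED_REASONS:
            continue
        restarts[m.group("host")].append(datetime.fromisoformat(m.group("ts")))
    return {host: sorted(times) for host, times in restarts.items()}


def flag_reboot_storms(restarts, window=timedelta(hours=4), threshold=3):
    """Return {host: max restarts seen in any `window`} for hosts at/over threshold."""
    flagged = {}
    for host, times in restarts.items():
        start, best = 0, 0
        for end in range(len(times)):
            # slide the left edge so the window never spans more than `window`
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[host] = best
    return flagged


if __name__ == "__main__":
    for host, n in flag_reboot_storms(parse_restarts(SAMPLE_LOGS)).items():
        print(f"{host}: {n} unplanned restarts within 4h, investigate")
```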

The report recommends the utility make several improvements, including such basic security moves as implementing better software patch management and creating a layered defense to help build in redundancies.

"Based on this review, the entity decided to implement a more formal and more frequent review of vendor firmware updates that would be tracked within internal compliance tracking software," according to the report. "It should be noted that the entity was already working to develop internal procedures to support this process; however, these were not completed or being practiced at the time of the event."

Concerns Over Power Grid

E&E News, a publication that covers U.S. utility companies, first reported the analysis by the North American Electric Reliability Corp., which is now publicly available.

The incident, which happened on March 5 between about 9 a.m. and 7 p.m. PST, appears to have affected operations in several Western states, including California, Wyoming and Utah, according to an initial report posted by the U.S. Department of Energy.

The security of the U.S. power grid and the utilities that support and supply it with electricity is a growing area of concern. As older systems and infrastructures are linked to the internet, more of these companies and their systems are vulnerable, security experts say.

And while it's not clear who attempted to attack this particular utility, a report issued by security vendor Dragos in June found that an advanced persistent threat group had started to turn more of its attention to power companies (see: Xenotime Group Sets Sights on Electrical Power Plants).

Trouble With Firewalls

Poorly maintained network firewalls can raise security issues because they sometimes are used to protect a large number of assets, including websites, cloud infrastructure and even industrial control systems, says Chris Roberts, the chief security strategist at security firm Attivo Networks.

"Unfortunately, in many of the cases, a lot of those front ends [firewalls] are outdated and not patched, maintained, secured or even well managed," Roberts tells Information Security Media Group. "Many of them are either internet accessible ... or obfuscated behind the corporate enterprise and protected by little more than the equivalent of a chocolate fireguard."

The North American Electric Reliability Corp. report offers several ways that power utilities can improve their cybersecurity, including:

Make faster updates to the firewall firmware to address vulnerabilities;

Use VPNs to better control network traffic;

Ask the U.S. Department of Homeland Security to conduct an assessment and vulnerability scanning;

Create redundancies within the firewalls so that communication between different points can continue in case of a disruption.

About the Author

Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked at Analytics India Magazine, The New Indian Express and IDG, where she reported on developments in technology and education.
